PingOne

REST certified provisioners

You can use a REST connection to enable provisioning between PingOne and a REST-based target system. This allows you to import users into PingOne and provision users and groups from PingOne to REST endpoints.

Provisioning Zendesk with a REST connection using PingOne

As a REST-certified provisioner, Zendesk enables you to configure this provisioning framework to sync users and groups between PingOne and Zendesk.

Provisioning capabilities

Resource Capability Description Inbound Outbound

User

Create

Generates a new user record in the destination.

Yes

Yes

Read

Retrieves or polls user attributes for synchronization.

Yes

Yes

Update

Modifies existing attributes, such as job title.

Yes

Yes

Delete

Deletes a user or temporarily suspends an account.

Yes

Yes

Group

Create

Provisions a new group in the target application.

No

Yes

Rename

Updates the display name or identifier of an existing group.

No

Yes

Delete

Removes a group from the target application.

No

Yes

Membership

Add and remove

Handles additions and removals of users within groups.

No

No

Before you begin

Make sure that you have:

  • Administrator access to the Zendesk application you want to provision against.

  • The following from your Zendesk account for OAuth or token authentication:

    • Client ID

    • Client Secret

    • Token Endpoint

    • Grant Type

    • Scope

    • Authorization Token Prefix

    • Auth Token

  • User and group schema definitions that you can upload in the Object Types section in PingOne.

  • Users assigned to a specific population or group in PingOne designated for Zendesk provisioning. Learn more in Adding a user in PingOne and Managing groups.

Steps

  1. In the PingOne admin console, create a REST provisioning connection to Zendesk.

    Configure the REST connection with the following values specific to your Zendesk account:

    • Name: Enter a name for your connection, such as Zendesk REST Provisioning.

    • Description (optional): Enter a description for your Zendesk provisioning connection.

    • Authentication Method: Select one of the following:

      • OAUTH: Enter the following:

        Configuration Example

        Service URI

        https://api.example.com

        Client ID

        example-client-id

        Client Secret

        example-client-secret

        Token Endpoint

        https://api.example.com/oauth/token

        Grant Type

        Select client_credentials or refresh_token. When refresh_token is selected, the Refresh Token field is required.

        (Optional) Scope

        read write

      • TOKEN: Enter the following:

        • Service URI:https://api.example.com

        • Authorization Token Prefix: Bearer

        • Auth Token: example-auth-token.

    • In the User Actions section, select the following as needed:

      Field Description

      Enable users creation

      Creates a user in the target identity store when the user is created in the source identity store.

      Enable users updation

      Updates user attributes in the target identity store when the user is updated in the source identity store.

      Enable users deprovision

      Deprovisions a user in the target identity store when the user is deprovisioned in the source identity store. If Enable users deprovision is selected, the following options appear:

      • Remove Action: Removes or disables a user in the target identity store when the user is deleted in the source identity store.

      • Deprovision on rule deletion: Deprovisions users if the associated provisioning rule is deleted.

    • In the Object Types section for the REST connection, upload or define the schema for the User Object or Group Object. Learn more in Provisioning REST with PingOne.

  2. Create an outbound rule and select the Zendesk connection as the target. This is also when you can add a user filter and attribute mapping.

  3. Confirm users and groups are successfully provisioned to Zendesk. View the sync status to review synchronization results and any errors. You can find examples in Outbound provisioning sync summary examples.

Zendesk object attributes

The following table lists example attributes that can be mapped for user provisioning:

Attribute Description

name

The display name for the Zendesk user or group.

email

The primary email address for the Zendesk user.

phone

The phone number for the Zendesk user.

Example REST-Zendesk schemas

The following are examples of user and group schemas. Use the most current schema supported by your environment.

User schema
{
  "schema": [
    {
      "fieldName": "name",
      "type": "STRING",
      "flags": ["REQUIRED"]
    },
    {
      "fieldName": "email",
      "type": "STRING",
      "flags": []
    },
    {
      "fieldName": "role",
      "type": "STRING",
      "flags": []
    },
    {
      "fieldName": "alias",
      "type": "STRING",
      "flags": []
    },
    {
      "fieldName": "timezone",
      "type": "STRING",
      "flags": []
    },
    {
      "fieldName": "external_id",
      "type": "STRING",
      "flags": []
    },
    {
      "fieldName": "suspended",
      "type": "BOOLEAN",
      "flags": []
    },
    {
      "fieldName": "phone",
      "type": "STRING",
      "flags": []
    },
    {
      "fieldName": "verified",
      "type": "BOOLEAN",
      "flags": []
    }
  ],
  "operations": {
    "CREATE": {
      "method": "post",
      "path": "api/v2/users.json",
      "idPath": "user.id",
      "requestMapping": {
        "name": "user.name",
        "email": "user.email",
        "role": "user.role",
        "alias": "user.alias",
        "timezone": "user.timezone",
        "external_id": "user.external_id",
        "suspended": "user.suspended",
        "phone": "user.phone",
        "verified": "user.verified"
      },
      "requestBody": {
        "user": {}
      }
    },
    "GET": {
      "method": "get",
      "path": "api/v2/users/{uid}.json",
      "idPath": "user.id",
      "namePath": "user.email",
      "responseMapping": {
        "name": "user.name",
        "email": "user.email",
        "role": "user.role",
        "alias": "user.alias",
        "timezone": "user.timezone",
        "external_id": "user.external_id",
        "suspended": "user.suspended",
        "phone": "user.phone",
        "verified": "user.verified"
      }
    },
    "UPDATE": {
      "method": "put",
      "path": "api/v2/users/{uid}.json",
      "idPath": "user.id",
      "requestMapping": {
        "name": "user.name",
        "email": "user.email",
        "role": "user.role",
        "alias": "user.alias",
        "timezone": "user.timezone",
        "external_id": "user.external_id",
        "suspended": "user.suspended",
        "phone": "user.phone",
        "verified": "user.verified"
      },
      "requestBody": {
        "user": {}
      }
    },
    "DELETE": {
      "method": "delete",
      "path": "api/v2/users/{uid}.json"
    },
    "QUERY": {
      "method": "get",
      "path": "api/v2/users.json",
      "idPath": "id",
      "namePath": "name",
      "pagination": {
        "pageSizePagination": {
          "type": "param",
          "param": "page[size]={_pageSize}"
        },
        "cookiePagination": {
          "type": "param",
          "param": "page[after]={_pagedResultsCookie}"
        },
        "pagedResultsCookie": {
          "type": "body",
          "path": "$.meta.after_cursor"
        }
      },
      "responseMapping": {
        "$.users": {
          "id": "id",
          "email": "email",
          "name": "name",
          "role": "role",
          "suspended": "suspended",
          "alias": "alias",
          "timezone": "timezone",
          "external_id": "external_id",
          "phone": "phone",
          "verified": "verified"
        }
      }
    }
  }
}
Group schema
{
            "schema": [
                {
                    "fieldName": "name",
                    "type": "STRING",
                    "flags": []
                }
            ],
            "operations": {
                "CREATE": {
                    "method": "post",
                    "path": "api/v2/groups.json",
                    "idPath": "group.id",
                    "requestMapping": {
                        "name": "group.name"
                    },
                    "requestBody": {
                        "group": {}
                    }
                },
                "GET": {
                    "method": "get",
                    "path": "api/v2/groups/{uid}.json",
                    "idPath": "group.id",
                    "namePath": "group.name",
                    "responseMapping": {
                        "name": "group.name"
                    }
                },
                "UPDATE": {
                    "method": "put",
                    "path": "api/v2/groups/{uid}.json",
                    "idPath": "group.id",
                    "requestMapping": {
                        "name": "group.name"
                    },
                    "requestBody": {
                        "group": {}
                    }
                },
                "DELETE": {
                    "method": "delete",
                    "path": "api/v2/groups/{uid}.json"
                }
            },
            "exceptions": {
                "NOT_FOUND": [
                    {
                        "code": "404",
                        "messageErrorPath": "error",
                        "regularExpression": ".*"
                    }
                ],
                "ALREADY_EXIST": [
                    {
                        "code": "422",
                        "messageErrorPath": "description",
                        "regularExpression": ".*"
                    }
                ],
                "BAD_REQUEST": [
                    {
                        "code": "400",
                        "messageErrorPath": "error",
                        "regularExpression": ".*"
                    }
                ]
            }
        }